Maven Compile Warning for SuppressFBWarnings #1786

Open
adase11 opened this issue Sep 25, 2023 · 3 comments

@adase11

adase11 commented Sep 25, 2023

Problem:

Introducing the dependency on aws-encryption-sdk-java introduces compile warnings about edu.umd.cs.findbugs.annotations.SuppressFBWarnings.

For example:

Cannot find annotation method 'value()' in type 'edu.umd.cs.findbugs.annotations.SuppressFBWarnings': class file for edu.umd.cs.findbugs.annotations.SuppressFBWarnings not found

Solution:

Options:

  • Change the scope of the com.google.code.findbugs to compile.
  • Document the potential warnings and suggest fixes like declaring dependencies in your own project.

Out of scope:

I'm sure there are different options for handling this and they may vary depending on the build tool being used.

@imabhichow
Contributor

Hi @adase11,

Thank you for raising this issue and providing potential solutions. We appreciate your engagement in improving the AWS ESDK.

Regarding your proposed solutions:

Change the scope of the com.google.code.findbugs to compile

We appreciate your suggestion, but it's important to note that we do not want the com.google.code.findbugs to be on the user's runtime classpath. Therefore, changing the scope to compile would not be an appropriate solution in this case.

Document the potential warnings and suggest fixes like declaring dependencies in your own project

We would add a suggestion to the README, but this com.google.code.findbugs is deprecated. Rather than documenting workarounds for deprecated libraries, we hope to update the dependency to the new spotbugs code scanner.

Thanks,
AWS Crypto Tools

@adase11
Author

adase11 commented Oct 3, 2023

Thanks for looking into this. An upgrade to SpotBugs Annotations would be great. Although wouldn't that still lead to the same behavior, as the retention of that annotation in the spotbugs repository is CLASS as well? https://github.com/spotbugs/spotbugs/blob/master/spotbugs-annotations/src/main/java/edu/umd/cs/findbugs/annotations/SuppressFBWarnings.java#L33C4-L33C4

@Retention(RetentionPolicy.CLASS)
public @interface SuppressFBWarnings {
...
}

That would mean that dependent projects will have the SuppressFBWarnings annotation retained on the class files but they will not have the dependency on their classpath without explicitly providing it - and therefore the warnings would continue.

@adase11
Author

adase11 commented Jan 17, 2024

Any update on this thread, @imabhichow?
